INDUSTRIAL CONTROL SYSTEM CYBER SECURITY AND THE CRITICAL INFRASTRUCTURES

Abstract

ABSTRACTIndustrial control systems (ICSs) are critical to the operation of a modern society. ICS design is to be reliable and safe, rather than cyber secure. There is insufficient understanding of ICS cyber threats and what makes them different from traditional IT malware. ICSs throughout the world monitor and control electric grids, power plants, water and waste water systems, chemical plants, refineries, pipelines, manufacturing, transportation, and other physical processes. ICSs are systems of systems requiring cyber security to address the networks, the control centers, field devices, communication protocols, software, and firmware of each device.Cyber incidents, defined by US Presidential Policy Directive (PPD) 41 (https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident), are electronic communications between systems that can impact confidentiality, integrity, and/or availability. As of November 2016, I have a database of more than 900 actual ICS cyber incidents. Most of the incidents were not malicious and most were not identified as being cyber‐related. Cyber attacks against ICSs have been rare. The most famous attack was Stuxnet (http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf). In December 2015, the Ukrainian electric grid was cyber attacked and more than 230,000 customers lost power (https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01). The test at the Idaho National Laboratory (INL) in March 2007 (Swearingen et al. 2013) demonstrated the Aurora vulnerability. Aurora exploits a physical gap in protection of the electric grid affecting ALL substations. It uses the protective devices as the vehicle for the attack, which effectively removes any protection. It also uses the electric infrastructure against itself and its customers. The US Department of Homeland Security (DHS) inadvertently made the true nature of the Aurora vulnerability public in July 2014 (https://www.muckrock.com/foi/united-states-of-america-10/operation-aurora-11765/?utm_source=dlvr.it&utm_medium=twitter#1212530-14f00304-documents, May 22, 2014). Most publicly available information about Aurora has been misleading which resulted in most utilities not taking actions to prevent this real threat. The reason for the explanation about Aurora is the Ukrainian cyber attack used step 1 of the 2 steps of Aurora – remotely opening the breakers. The attackers chose not to go to Step 2 – reclosing the breakers out‐of‐phase with the grid.